by Adam Bosnian
Yesterday we were proud to release the results of our 5th annual “Trust, Security and Passwords” survey, a survey that has become a valuable indicator of how organizations view enterprise security threats, particularly related to powerful, anonymous privileged users. The findings are the result of online surveys conducted in the spring of 2011 with 1422 IT staff and C-Level executives across North America and EMEA. This was the first time we reached out to the C-Suite to explore their perspectives on the threat landscape, from both an internal and external perspective. While the results may have changed over the years, each year some of the findings surprise us while others reaffirm existing beliefs. This year was no different…
With nearly constant news cycles associated with cyber attacks and increased awareness around advanced persistent threats (APT), in many ways it makes sense that 57 percent of global C-level executives agreed that in the next one-to-three years, external threats such as cyber-criminals will become a greater security risk than insider threats. This could be due to a belief that there are more technologies available and controls in place to “contain” the insider threat, or simply the greater attention being given to cyber-attacks such as those impacting companies like EMC’s RSA Security Division, Epsilon and WordPress.
While this year’s survey emphasized the rise of external threats, it also showed that many organizations are still struggling with insider vulnerabilities. Nearly 1 in 5 (16 percent) of C-level respondents admitted that cases of insider sabotage had taken place within their enterprise, and similarly, 16 percent of those respondents also believe that competitors may have received highly sensitive information or intellectual property, including customer lists, product information and marketing plans, from sources within their own organization. And, given its broad reach and highly privileged, anonymous access to various networks, systems and applications, the IT department was chosen by nearly half (48 percent) of all global respondents as the most likely to snoop – another internal force to contend with.
Regardless of the entry point into an organization, the end target is usually the same: highly sensitive intellectual, financial and customer information, which can be accessed through highly powerful privileged accounts and passwords. This increased focus on external attacks will undoubtedly lead organizations to scramble to build higher walls to protect their critical data – but security teams need to stop building those walls and start better isolating and protecting that data.